[ https://issues.apache.org/jira/browse/SHIRO-801?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17236254#comment-17236254 ]
Brian Demers edited comment on SHIRO-801 at 11/20/20, 3:55 PM:
---------------------------------------------------------------

There are a few Unicode-based attacks, [https://owasp.org/www-community/attacks/Unicode_Encoding]

That doesn't mean that your application is susceptible to them (but that is specific to your application). To revert to the previous behavior, you can set {{invalidRequest.blockNonAscii = false}}

See: [https://shiro.apache.org/web.html#global-filters]


was (Author: bdemers):
There are a few Unicode-based attacks, [https://owasp.org/www-community/attacks/Unicode_Encoding]

That doesn't mean that your application is susceptible to them. To revert to the previous behavior, you can set {{invalidRequest.blockNonAscii = false}}

See: https://shiro.apache.org/web.html#global-filters

> Shiro blocks requests with non-ASCII characters in the URL path
> ---------------------------------------------------------------
>
>                 Key: SHIRO-801
>                 URL: https://issues.apache.org/jira/browse/SHIRO-801
>             Project: Shiro
>          Issue Type: Bug
>    Affects Versions: 1.7.0
>            Reporter: Tuure Laurinolli
>            Priority: Major
>
> When trying to upgrade to Shiro 1.7.0 we noticed that some of our tests
> started failing. The tests validate that Scandinavian characters (äöå) can be
> used in object ids in our system.
> It appears that SHIRO-794 changed URL validation so that Scandinavian
> characters are no longer allowed in the decoded path component of the URL.
> The relevant code change is
> [https://github.com/apache/shiro/commit/a28300448ae6c4bb78a8ba626b0cacb00f82d5f8#diff-bd4bf9dfa4cc7521c708850ac5d397fee22b021ea09a3a91f7ce1587abc287d7]
> Is there some reason to not allow non-ASCII characters in the URL path?

--
This message was sent by Atlassian Jira
(v8.3.4#803005)